US government sends warning letter to retailers about ongoing breach investigation

Reuters reports that the U.S. government today sent a confidential 16-page letter to retailers, which Reuters says "describes the malicious software and techniques used to attack Target Corp. late last year."

The letter was written with help from security firm iSIGHT Partners, a cyber intelligence firm with offices in 16 countries. In a blog post yesterday, iSIGHT confirmed that it is working with the U.S. Secret Service on the case, and offered this chilling bit of news:

The identification and dissection of the malicious code provides two immediately important insights:

  1. Recent retailer data breaches may not have been targeted attacks, but may well be part of a broader data theft scheme focused on many operators of point-of-sale systems.
  2. The scope, scale, and reach of recent data breaches is not yet known.

The piece of malicious software that has been identified is named KAPTOXA (pronounced kar-toe-sha), and iSIGHT says it has "potentially infected a large number of retail information systems." We asked iSIGHT's Tiffany Jones, the author of the blog post, whether she could give any indication of how many different retailers might be affected, but she was not able to comment, citing an "ongoing investigation."

The first traces of KAPTOXA were noticed by iSIGHT in June 2013. According to iSIGHT, the software "contains a new kind of attack method that is able to covertly subvert network controls and common forensic tactics, concealing all data transfers and executions that may have been run, rendering it harder to detect."

User Comments
  • Milos Dunjic
    I am sure that many tools the NSA uses were written by Russians as well. Who originally wrote the software should not really matter. The 'Russian teenager' made his buck by selling the malware to the people who committed the data breach. That is probably where the 'Russian connection' ends. A James Bond conspiracy won't help the payment industry in the US. Who planted it inside the POS terminals, and why Target and its acquirer processor did not detect the breach in the first place, are the main questions. Don't they check the POS software stack's digital signature? What about PCI DSS? Is it useless in preventing these kinds of (most likely insider-type) attacks? EMV + end-to-end, unique-per-transaction PAN tokenization (transparent to the merchant and acquirer) is the best deterrence mechanism against credit card collection and usage in the online channel. Make the transaction info useless to anybody except the card issuer, and that solves this.
  • Jon von Gunten
    Rolling transaction-authorization passwords solve a lot, but retailers prefer to (so far unsuccessfully) harden network hardware and software rather than slow down store lines or inconvenience customers with that added step. But it's not that hard to implement, and it needn't slow lines any more than fishing for a credit card. They're already slowed by debit card users entering personal codes.